JUNIPER QFX10K | EVPN-VXLAN | MAC LEARNING VERIFICATION | SINGLE-HOMED ENDPOINT

This article is all about EVPN-VXLAN and Juniper QFX technology. I’ve been working with this tech quite a lot over the past few months and figured it would be useful to share some of my experiences. This particular article is probably going to be released in 2 or 3 parts and is focused specifically on the MAC learning process and how to verify behaviour. The first post focuses on a single-homed endpoint connected to the fabric via a single leaf switch. The second part will look at a multihomed endpoint connected via two leaf switches that are utilising the EVPN multihoming feature. And, lastly, the third part will focus on Layer 3 Virtual Gateway at the QFX10k Spine switches. The setup I’m using is based on Juniper vQFX for spine and leaf functions with a vSRX acting as a VR device. I also have a Linux host that is connected to a single leaf switch.

Overview

When verifying and troubleshooting EVPN-VXLAN it can become pretty difficult to figure out exactly how the control plane and data plane are programmed and how to verify behaviours. You’ll find yourself looking at various elements such as the MAC table, EVPN database, EVPN routing Continue reading

Understanding IPv6: Solicited-Node Multicast In Action (Part 7 of 7)

 

The last few blogs in my series on IPv6 have focused on solicited-node multicast, which provides the functionality for Neighbor Discovery in IPv6 addressing. We ended the last blog with a cliffhanger, asking, “In IPv6, how do we find the Layer 2 MAC address associated with a Layer 3 IPv6 address?”

 

Time to put the pieces together
In this series of blogs, I have laid out all the varying puzzle pieces needed to answer this question. Let’s start putting those puzzle pieces together.

In this blog, we learned that, if a device has an IPv6 global address of 2001:DB8::AB:1/64, then, according to RFC 4291, it must also “compute and join” the IPv6 solicited-node multicast address FF02::1:FFAB:1.

By the same logic, that means the node associated with the IPv6 address of 2001:DB8::AB:2 must “compute and join” the IPv6 solicited-node multicast address FF02::1:FFAB:2.

So our first puzzle piece gets us to here:

But so what? How does that get us any closer to getting the DMAC associated with Router B’s IPv6 global unicast address? All it did was give us a multicast address that this IPv6 unicast address must join.

Let’s add another piece of the puzzle. From this Continue reading

Understanding IPv6: The Ping Before Solicited-Node Multicast (Part 6 of 7)

In a previous blog, we looked at the basics of IPv6 solicited-node multicast. Going back to our Router A and Router B environment, if we sniff the wire while pinging from Router A’s IPv6 address to Router B’s IPv6 address, what will we see? Spoilers! Suffice it to say we will see some IPv6 solicited-node multicast very much in action.

 

Ping in IPv4

Before we jump into IPv6, let’s first do an IPv4 ping from Router A to Router B. When we sniff the wire we can review the mechanisms of how IPv4 does all of this on the wire.

When ping 10.10.10.2 is entered on Router A, the router knows it is being asked to build an ICMP echo request message and put it “out on the wire” with a destination IP address of 10.10.10.2. But in order to make the request “ready” to put out on the wire to get to 10.10.10.2, Router A needs more than simply the destination IPv4 address.

For the purposes of this post, we will look at four things the router needs before sending the ICMP echo request out on the wire. These Continue reading

BrandPost: Delivering Best-in-Class Education Technology Without Breaking the Bank

Digital technology is driving fundamental changes in the educational process. As digital devices and the internet become an integral part of students’ lives, schools are finding they must support new learning solutions. Digital learning is a new constant in the school day.New digital solutions and technologies such as virtual/augmented reality, digital whiteboards, distance learning, personalized learning, artificial intelligence, and gamification are creating new demands on schools’ IT capabilities and infrastructure. And as these and other exciting new technologies come into regular use, many schools find they need to upgrade their server room into an “always-on,” flexible, and cost-efficient data center designed to support 21st century learning.To read this article in full, please click here

Understanding IPv6: Prepping For Solicited-Node Multicast (Part 5 of 7)

Solicited-node multicast: I stumbled and tripped a bunch over this one in the beginning.  Well, that isn’t 100% true. Admittedly, at first, I really just ignored it, which really got in the way of my understanding some of the fundamentals of Neighbor Discovery Protocol (NDP).

But before we jump into solicited-node multicast, let’s review link-local scope multicast addresses.

Multicast is all around you
Multicast is all around your current IPv4 network. You might not think so if you haven’t enabled IP multicast routing and PIM, but it’s there. Pretty much everywhere you turn, it’s there.

Let’s return to our RouterA/RouterB environment. But let’s have IPv4 only running right now, like probably a lot of your routers in your environment.

Show IP interface
This is often an overlooked command, which is a shame because there is a great deal of very useful information that is given in the output. For now, we’re going to focus on the line “multicast reserved groups joined” and ignore all the other lines.

See? Lots and lots of multicast! To be specific, lots of “Local Network Control Block (224.0.0.0 – 224.0.0.255 (224.0.0/24),” according to the Internet Continue reading

Which data center intrusion prevention systems are worth the investment? NSS Labs tests 5 DCIPS products

Performance is critical when evaluating data center intrusion-prevention systems (DCIPS), which face significantly higher traffic volumes than traditional IPSes.A typical IPS is deployed at the corporate network perimeter to protect end-user activity, while a DCIPS sits inline, inside the data center perimeter, to protect data-center servers and the applications that run on them. That requires a DCIPS to keep pace with traffic from potentially hundreds of thousands of users who are accessing large applications in a server farm, says NSS Labs, which recently tested five DCIPS products in the areas of security, performance and total cost of ownership.To read this article in full, please click here

Which data center intrusion prevention systems are worth the investment? NSS Labs tests 5 DCIPS products

Performance is critical when evaluating data center intrusion-prevention systems (DCIPS), which face significantly higher traffic volumes than traditional IPSes.A typical IPS is deployed at the corporate network perimeter to protect end-user activity, while a DCIPS sits inline, inside the data center perimeter, to protect data-center servers and the applications that run on them. That requires a DCIPS to keep pace with traffic from potentially hundreds of thousands of users who are accessing large applications in a server farm, says NSS Labs, which recently tested five DCIPS products in the areas of security, performance and total cost of ownership.To read this article in full, please click here

Which data center intrusion prevention systems are worth the investment? NSS Labs tests 5 DCIPS products

Performance is critical when evaluating data center intrusion-prevention systems (DCIPS), which face significantly higher traffic volumes than traditional IPSes.A typical IPS is deployed at the corporate network perimeter to protect end-user activity, while a DCIPS sits inline, inside the data center perimeter, to protect data-center servers and the applications that run on them. That requires a DCIPS to keep pace with traffic from potentially hundreds of thousands of users who are accessing large applications in a server farm, says NSS Labs, which recently tested five DCIPS products in the areas of security, performance and total cost of ownership.To read this article in full, please click here

AMD Gets Zen About The Edge

If there is one thing that can be said about modern distributed computing that has held true for three decades now, it is that the closer you get to the core of the datacenter, the beefier the compute tends to be. Conversely, as computing gets pushed to the edge, it gets lighter by the necessity of using little power and delivering just enough performance to accomplish whatever data crunching is necessary outside of the datacenter.

While we have focused on the compute in the traditional datacenter since founding The Next Platform three years ago, occasionally dabbling in the microserver arena

AMD Gets Zen About The Edge was written by Timothy Prickett Morgan at The Next Platform.

Understanding IPv6: What Is Solicited-Node Multicast? (Part 4 of 7)

IPv6 solicited-node multicast somtimes seems to confuse those new to IPv6 in the beginning. I think this is because it seems so foreign and new. In this post, we will explore exactly what IPv6’s solicited-node multicast is and the rules of creating such an address as told to us by RFC 4291.

However, before we start on what’s new and different, let’s look at what solicited-node multicast has in common with IPv4 and IPv6 constructs that we already know.

In this blog post, we looked at IPv6 link-local scope multicast addresses. One of the examples was FF02::A. This address is for all devices on a wire that want to “talk” EIGRP with one another.

Focusing specifically on FF02::A and how routers join it, we can see and say three things:

  • Local: FF02::A is local to the wire.
  • Join: Each device “joins” FF02::A by just “deciding to listen” to the IPv6 link-local scope multicast address FF02::A. Then, by extension, it listens to the corresponding MAC address for that multicast IPv6 address (33:33:00:00:00:0A).
  • Common interest: As we can see, these varying groups have something in common that they would all like to hear about. For FF02::A, the common interest — the “connection” Continue reading

What is a SAN and how does it differ from NAS?

A storage area network (SAN) is a dedicated, high-speed network that provides access to block-level storage. SANs were adopted to improve application availability and performance by segregating storage traffic from the rest of the LAN. SANs enable enterprises to more easily allocate and manage storage resources, achieving better efficiency. “Instead of having isolated storage capacities across different servers, you can share a pool of capacity across a bunch of different workloads and carve it up as you need. It’s easier to protect, it’s easier to manage,” says Scott Sinclair, senior analyst with Enterprise Strategy Group.To read this article in full, please click here

Juniper’s new products help prepare networks for hybrid, multi-cloud

Earlier this week, Juniper Networks announced a bevvy of new networking products. (Note: Juniper Networks is a client of ZK Research.) In his blog post about the products, Andy Patrizio did an effective job covering the basics of the news. But left out some important points, and I wanted to make sure those got called out, including Juniper's tagline “multi-cloud ready."  Hybrid, multi-cloud is inevitable  As I’ve pointed out in many of my posts, hybrid multi-cloud environments are inevitable for most organizations. Small businesses may be able to build an IT strategy that is all public cloud, but any large company is going to choose a mix of private and public clouds.To read this article in full, please click here

Juniper’s new products help prepare networks for hybrid, multi-cloud

Earlier this week, Juniper Networks announced a bevvy of new networking products. (Note: Juniper Networks is a client of ZK Research.) In his blog post about the products, Andy Patrizio did an effective job covering the basics of the news. But left out some important points, and I wanted to make sure those got called out, including Juniper's tagline “multi-cloud ready."  Hybrid, multi-cloud is inevitable  As I’ve pointed out in many of my posts, hybrid multi-cloud environments are inevitable for most organizations. Small businesses may be able to build an IT strategy that is all public cloud, but any large company is going to choose a mix of private and public clouds.To read this article in full, please click here

1 1,714 1,715 1,716 1,717 1,718 3,841